Utopia Tech
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Security · AI-assisted · 1 min read

A supply chain attack targeting developers has been discovered in the codexui-android npm package, which masquerades as a legitimate remote web UI for OpenAI Codex. The package, still available on npm and GitHub, has attracted over 29,000 weekly downloads and is designed to steal OpenAI Codex authentication tokens from developers who install it.

Utopia Tech

June 1, 2026 · 1 min read

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What

Originally published at thehackernews.com
